Re-enabling SAML SSO tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7b5c17f4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7b5c17f4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7b5c17f4 Branch: refs/heads/2.6.x-fixes Commit: 7b5c17f4be63753772d1462edd3dd591c239faa6 Parents: 38d0447 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Jun 15 18:10:48 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Jun 15 18:10:48 2017 +0100 ---------------------------------------------------------------------- .../saml/sso/SAMLResponseValidatorTest.java | 108 +++++++++---------- 1 file changed, 52 insertions(+), 56 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7b5c17f4/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java index 1cf4310..fc5f79f 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java @@ -27,8 +27,6 @@ import java.security.cert.X509Certificate; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import org.junit.Ignore; - import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.components.crypto.CryptoType; 
@@ -55,85 +53,84 @@ import org.w3c.dom.Element; * Some unit tests for the SAMLProtocolResponseValidator. */ public class SAMLResponseValidatorTest extends org.junit.Assert { - + static { OpenSAMLUtil.initSamlEngine(); } @org.junit.Test - @Ignore("invalid") public void testCreateAndValidateResponse() throws Exception { DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); docBuilderFactory.setNamespaceAware(true); DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); Document doc = docBuilder.newDocument(); - - Status status = + + Status status = SAML2PResponseComponentBuilder.createStatus( SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null ); - Response response = + Response response = SAML2PResponseComponentBuilder.createSAMLResponse( "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status ); - + // Create an AuthenticationAssertion SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN); callbackHandler.setIssuer("http://cxf.apache.org/issuer"); - callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - + callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES); + SAMLParms samlParms = new SAMLParms(); samlParms.setCallbackHandler(callbackHandler); AssertionWrapper assertion = new AssertionWrapper(samlParms); - + response.getAssertions().add(assertion.getSaml2()); - + Element policyElement = OpenSAMLUtil.toDom(response, doc); doc.appendChild(policyElement); assertNotNull(policyElement); - + Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement); - + // Validate the Response SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator(); validator.validateSamlResponse(marshalledResponse, null, null); } - + @org.junit.Test public void testInvalidStatusCode() throws Exception { DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); 
docBuilderFactory.setNamespaceAware(true); DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); Document doc = docBuilder.newDocument(); - - Status status = + + Status status = SAML2PResponseComponentBuilder.createStatus( SAMLProtocolResponseValidator.SAML1_STATUSCODE_SUCCESS, null ); - Response response = + Response response = SAML2PResponseComponentBuilder.createSAMLResponse( "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status ); - + // Create an AuthenticationAssertion SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN); callbackHandler.setIssuer("http://cxf.apache.org/issuer"); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - + SAMLParms samlParms = new SAMLParms(); samlParms.setCallbackHandler(callbackHandler); AssertionWrapper assertion = new AssertionWrapper(samlParms); - + response.getAssertions().add(assertion.getSaml2()); - + Element policyElement = OpenSAMLUtil.toDom(response, doc); doc.appendChild(policyElement); assertNotNull(policyElement); - + Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement); - + // Validate the Response SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator(); try { 
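Review bot: Switching testCreateAndValidateResponse from CONF_BEARER to CONF_SENDER_VOUCHES gets the test passing, but it leaves the bearer case — the subject confirmation the Web Browser SSO profile actually uses, where an unsigned bearer assertion inside an unsigned Response is not acceptable — with no coverage at all; the same switch is made in testSignedResponse in the hunk at -195. Presumably the validator refuses an unsigned bearer assertion, which is why the test carried @Ignore("invalid"); if so, that rejection is the security-relevant behavior and deserves a negative test rather than being routed around, e.g. keep a bearer variant that expects `WSSecurityException` from `validator.validateSamlResponse(marshalledResponse, null, null)`. A short comment above the changed call would also help the next reader, e.g. `// sender-vouches: validated here without any signature or trust anchor; bearer would need a signed assertion`. Since testSignedResponse does sign the Response, it is not obvious from the diff why that test also needs sender-vouches, and the commit message should say so.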
@@ -143,50 +140,50 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { // expected } } - + @org.junit.Test public void testResponseSignedAssertion() throws Exception { DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); docBuilderFactory.setNamespaceAware(true); DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); Document doc = docBuilder.newDocument(); - - Status status = + + Status status = SAML2PResponseComponentBuilder.createStatus( SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null ); - Response response = + Response response = SAML2PResponseComponentBuilder.createSAMLResponse( "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status ); - + // Create an AuthenticationAssertion SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN); callbackHandler.setIssuer("http://cxf.apache.org/issuer"); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - + SAMLParms samlParms = new SAMLParms(); samlParms.setCallbackHandler(callbackHandler); AssertionWrapper assertion = new AssertionWrapper(samlParms); - + Crypto issuerCrypto = new Merlin(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class); InputStream input = Merlin.loadInputStream(loader, "alice.jks"); keyStore.load(input, "password".toCharArray()); ((Merlin)issuerCrypto).setKeyStore(keyStore); - + assertion.signAssertion("alice", "password", issuerCrypto, false); - + response.getAssertions().add(assertion.getSaml2()); - + Element policyElement = OpenSAMLUtil.toDom(response, doc); doc.appendChild(policyElement); assertNotNull(policyElement); - + Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement); - + // Validate the Response SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator(); try { 
@@ -195,56 +192,55 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { } catch (WSSecurityException ex) { // expected } - + // Validate the Response validator.validateSamlResponse( marshalledResponse, issuerCrypto, new KeystorePasswordCallback() ); } - + @org.junit.Test - @Ignore("invalid") public void testSignedResponse() throws Exception { DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); docBuilderFactory.setNamespaceAware(true); DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); Document doc = docBuilder.newDocument(); - - Status status = + + Status status = SAML2PResponseComponentBuilder.createStatus( SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null ); - Response response = + Response response = SAML2PResponseComponentBuilder.createSAMLResponse( "http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status ); - + // Create an AuthenticationAssertion SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN); callbackHandler.setIssuer("http://cxf.apache.org/issuer"); - callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); - + callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES); + SAMLParms samlParms = new SAMLParms(); samlParms.setCallbackHandler(callbackHandler); AssertionWrapper assertion = new AssertionWrapper(samlParms); - + Crypto issuerCrypto = new Merlin(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class); InputStream input = Merlin.loadInputStream(loader, "alice.jks"); keyStore.load(input, "password".toCharArray()); ((Merlin)issuerCrypto).setKeyStore(keyStore); - + response.getAssertions().add(assertion.getSaml2()); signResponse(response, "alice", "password", issuerCrypto); - + Element policyElement = OpenSAMLUtil.toDom(response, doc); doc.appendChild(policyElement); 
assertNotNull(policyElement); - + Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement); - + // Validate the Response SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator(); try { @@ -253,14 +249,14 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { } catch (WSSecurityException ex) { // expected } - + // Validate the Response validator.validateSamlResponse( marshalledResponse, issuerCrypto, new KeystorePasswordCallback() ); } - + /** * Sign a SAML Response */ @@ -275,7 +271,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { // Signature signature = OpenSAMLUtil.buildSignature(); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - + // prepare to sign the SAML token CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias(issuerKeyName); @@ -292,7 +288,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { if (pubKeyAlgo.equalsIgnoreCase("DSA")) { sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA; } - + PrivateKey privateKey = null; try { privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword); @@ -310,7 +306,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); kiFactory.setEmitEntityCertificate(true); - + try { KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential); signature.setKeyInfo(keyInfo); @@ -325,5 +321,5 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true); } - + }